DNS tunneling for Metasploit now open source

Today I published my DNS tunneling implementation on GitHub. The source code can be found in the dns-tunneling branch on GitHub. I was tired of having the code gather dust on my hard drive and look forward to collaborating!

There is still a bit of work to do before (hopefully!) merging this into an upcoming version of Metasploit. Now that the project is public, I will be adding a todo list and an English readme file soon (Dutch readme already available). Currently, the only supported stage is a Windows shell. Tunneling a meterpreter stage over DNS is one of the main items on my todo list.

Before anyone starts yelling “pics or it didn’t happen”, below is a screenshot of a Windows shell tunneled over DNS in Metasploit:

Screenshot: proof-of-concept of shell stage tunneled over DNS.

Thanks in advance to anyone willing to contribute to this project! If you have any questions related to the code or if you are struggling with getting the proof of concept working, please get in touch. These are also my first steps into open source, so if anyone has suggestions on how to best approach this (e.g. on GitHub) I would love to hear it!

2 comments

  1. Rogan

    Hi Daan,

    Nice work. I also recently experimented with tunneling Metasploit over DNS. The biggest issue there was performance, in that it took an age to actually get the stages downloaded successfully.

    In my case I was trying to stage the Java meterpreter, as I started with the DNScat project’s implementation.

    I look forward to seeing a future Metasploit DNS tunnel implementation integrated in mainline.

    • Daan Raman

      Hi Rogan,

      Thanks for your response. Yes, bandwidth is certainly a challenge with DNS tunneling. That’s why I opted to start tunneling a Windows shell instead of the clumsier meterpreter payloads. However, adding support for meterpreter is on the top of the todo list.

      If you are interested in collaborating, feel free to fork the GitHub branch. We both share the hope of seeing this in Metasploit soon!
